mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-20 08:04:44 +02:00
0xMarcio
778 B
778 B
CVE-2013-4891
Description
The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag.
POC
Reference
- https://github.com/bcit-ci/CodeIgniter/issues/4020
- https://nealpoole.com/blog/2013/07/codeigniter-21-xss-clean-filter-bypass/